recentpopularlog in


« earlier   
Look! How to Fix Desktop Refers to A Location That Is Unavailable Error? - EaseUS
Received location is not available with a full error message reporting [c:\windows\system32\config\systemprofile\desktop refers to a location that is unavailable]? Take it easy! Find solutions here to fix desktop refers to a location that is unavailable error in Windows 10, 8.1, 8 and 7 without losing desktop data and files.
windows  HowTo  desktop  sysadmin 
yesterday by jimjulian
Windows Command-Line: Introducing the Windows Pseudo Console (ConPTY) – Windows Command Line Tools For Developers
In this, the fourth post in the Windows Command-Line series, we'll discuss the new Windows Pseudo Console (ConPTY) infrastructure and API - why we built it, what it's for, how it works, how to use it, and more.
kb_cpu  windows  linux 
yesterday by rootis0
Find Your Computer’s BIOS Version From the Command Line
Find Your Computer’s BIOS Version From the Command Line
Dave Greenbaum
8/09/14 5:00pm

The next time you update your PC or try to troubleshoot compatibility problems, you'll may need to know your current BIOS. You could reboot the computer, but it's much easier to use the Windows command line utility.

In the command prompt window type:

wmic bios get smbiosbiosversion

You'll get back the computer's BIOS version. It's that easy, no reboot necessary!
closingtab  windows 
yesterday by lannamichaels
Rotten Potato | Penetration Testing Lab
However there is a technique which can be used that tries to trick the “NT Authority\System” account to negotiate and authenticate via NTLM locally so the token for the “NT Authority\System” account would become available and therefore privilege escalation possible. This technique is called Rotten Potato and it was introduced in DerbyCon 2016 by Stephen Breen and Chris Mallz.
windows  privesc  privilegeescalation  pentest  security 
yesterday by whip_lash
The Best Tools Hidden in Windows' Command Line
The Best Tools Hidden in Windows' Command Line
Walter Glenn
3/28/14 11:00am

While it may not always be the best choice in Windows, there are certain things you can only do from the command line. We've talked about a few command line essentials before, like using tracert to troubleshoot a flaky Internet connection and using recimg to create a custom Windows recovery image. Here are a few more you should probably know about (if you don't already).
Article preview thumbnail
How to Troubleshoot a Flaky Internet Connection

You're zooming down the information superhighway getting things done when your usually-trusty…
Read more

We're using Windows 8.1 for screenshots and details in this article, but most of these tools have been around a long time and are available in previous versions of Windows. If you have any doubt about whether they're available or if options are different, just open up the command prompt and type the command followed by /?. That will let you know if the command exists and what options you can use with it.

Also, many of these tools require that you run the Command Prompt with administrator privileges. To do that, right-click the Command Prompt icon and choose Run as administrator. Better yet, pin it to your Start menu or taskbar, right-click it and choose Properties, click the Advanced button, and choose Run as administrator. That way, it will run with elevated privileges every time.
System File Checker

Windows can usually detect when a system file is missing and replace it for you without any intervention on your part. You typically won't even be notified when it happens. But even with this ability, system files can become corrupted or the wrong versions of system files can get installed by errant applications. Sometimes, these problems slip by Windows unnoticed.

Windows includes the command line tool System File Checker, which scans several thousand basic Windows files, comparing them against the original versions that shipped with Windows or, depending on the files, that have been updated through Windows Updates. If System File Checker finds a mismatch, it replaces the original file. Depending on how you installed Windows, you may or may not need the installation media, but usually you won't.

To run the tool, just type sfc at the command prompt followed by a space and then any of the following common options:

/scannow. This performs an immediate scan of your system and will replace files as necessary. You may need to restart Windows when it's done if it finds problems.
/scanonce. This performs a scan the next time you restart your system.
/scanboot. This schedules a scan to be performed every time you restart your system.
Revert. This returns the System File Checker to its default settings. You can use it to turn off the /scanboot option, for example.

Check Disk

Check Disk attempts to repair file system errors, locate bad sectors, and recover readable information from those bad sectors. If you ever start Windows and it tells you that it's scanning your hard disks before starting up, that's Check Disk at work. When Windows detects certain types of errors, it schedules a scan all by itself.

It takes a long time to run, especially if you let it scan the entire hard disk, including free space, so it's not really the kind of tool you want to run regularly. If you're concerned about general hard disk health, you should make use of one of the free S.M.A.R.T checkup utilities out there. I'm a fan of Passmark Disk Checkup, personally. It reads various self-monitoring data the hard disk itself collects and gives you a pretty good idea of how your hard disk is doing.

Still, sometimes hard disks are physically fine to keep using, but suffer from the occasional bad sector and corrupted files those bad sectors can cause. Windows tries its best to correct those problems for you, and it does a pretty good job. But if you ever notice that certain programs just refuse to start or you get an error when you try to access particular folders or files, bad sectors on the disk are a possible culprit. Check Disk can find those bad sectors, often recover data from them, and then map those sectors out so Windows doesn't use them anymore.

You can run Check Disk by typing chkdsk at the command prompt, followed by a space, and then any of these options:

Volume. If you want to check a whole drive, just type the drive letter.
Filename. You can also use chkdsk to check a single file or group of files.
/F. Run it with this option to have chkdsk go ahead and fix those errors.
/R. This option forces chkdsk to locate bad sectors and recover information from them. If chkdsk cannot lock the disk (which it usually can't since you're actually using Windows), it will prompt you run the command the next time you restart Windows. This is the option you'll use for the most thorough scan because running it also implies that you're running the /F option.

If you run chkdsk with no extra options, it will just perform a scan and give you a report without actually changing anything. So, you'll need to specify a volume or file name and one of the other options to make any fixes. Here's a common example. If you want chkdsk to scan your C: drive, locate bad sectors, recover information, and map over those bad sectors, type:

chkdsk C: /R

Note that there is a graphical interface of sorts for Check Disk. Open Windows Explorer, right-click a drive, and choose Properties. On the Tools tab, click the Check button. This opens up a prompt that lets you schedule a scan on the next restart. You'll be prompted to fix any errors that are found. This interface doesn't provide any of the advanced options the command line version does and it also doesn't let you scan individual files.

Ipconfig lets you view and work with TCP/IP information. You can use it to check your computer's IP address, have it release or renew that IP address if it's automatically assigned, and even purge the local DNS cache.

To use it, just type ipconfig at the command line. By itself, the command shows you IP addressing information about each of the network adapters on your computer. It may show several different adapters, so you'll have to do a little scouting to find the one you're looking for. You'll typically see a Wireless LAN adapter (for your wireless connection) and an Ethernet adapter (for your wired connection), and probably a few tunnel, virtual, or VPN adapters, depending on your setup. The information it shows you includes the IP address, physical (or MAC) address, default gateway, and subnet assigned to the adapter.

You can also add any of the following options to the ipconfig command by typing ipconfig, followed by a space, and then the option.

/all. This option shows you all the same information as just running the ipconfig command by itself, plus a whole bunch more, such as whether the adapter is automatically assigned an IP address from a DHCP server, when that address was assigned, and when it expires.
/release. Use this option to release all DHCP-assigned IP addresses. Note that your network will not work after this and typically you'll need use the /renew command afterward.
/renew. Use this option to release and then immediately try to renew all DHCP-assigned information. This is probably the option you'll use most, as it forces your computer to reconnect to your router or to your ISP's servers (depending on your setup). It can be really helpful when troubleshooting connectivity problems.
/flushdns. This option purges the local DNS cache. DNS is used to translate the more human-readable computer names and web addresses we use (like into IP addresses. The cache is DNS information stored locally on your computer so your computer doesn't have to look it up on a DNS server every time. Sometimes, flushing the DNS cache can resolve problems where you have network connectivity, but can't reach some computers or websites by name.


The cipher command is mostly for working with encrypted folders and files on NTFS volumes in Windows. Frankly, if you're using that type of encryption, you have a graphical interface available that does most of what you need, though the command is good for controlling encryption programmatically or through batch files and scripts.

However, cipher does include one option at the command line that you might find useful:

cipher /W:pathname

The /W option removes data on unused portions of a volume, effectively erasing data that may be hanging around on your hard drive after deletion. You can point cipher at an entire volume (like C:) or a specific folder. As you probably already know, when you delete files from Windows, they are not actually erased from the hard drive. Instead, Windows marks that space as available to be written over with new files.

Note that this really applies to traditional hard drives and not SSDs. When you delete files from an SSD, those files are removed immediately.

The driverquery command generates a list of all hardware drivers installed in Windows. It's good for giving you a report about installed drivers that you can save for later reference or for investigating the version number of a currently installed driver so that you can make a better decision should you be thinking of updating.

Typed by itself, driverquery just generates a list of drivers that you can scroll through. As usual, the power comes from the options you can add:

/s. This option lets you specify the name or IP address of a remote computer so that you investigate the drivers it has installed.
/si. This option shows you the digital signature information for drivers.
/fo. This is really the key option you'll use with driverquery. It lets you specify the format in which information is displayed so that you can more effectively save it as a report. After typing /fo add one of the following options: TABLE (the default view), LIST (which… [more]
closingtab  windows 
yesterday by lannamichaels
Home · Microsoft/Detours Wiki
Detours is a library for intercepting binary functions on ARM, x86, x64, and IA64 machines. Detours is most commonly used to intercept Win32 APIs calls within an application, such as to add debugging instrumentation. Interception code is applied dynamically at runtime. Detours replaces the first few instructions of the target function with an unconditional jump to the user-provided detour function. Instructions from the target function are placed in a trampoline. The address of the trampoline is placed in a target pointer. The detour function can either replace the target function or extend its semantics by invoking the target function as a subroutine through the target pointer to the trampoline.
hot-reloading  library  dll  windows  layer  debugging 
yesterday by tgfrerer
Pritunl Client - Open Source OpenVPN Client
Open Source OpenVPN Client
Free and open source cross platform OpenVPN client
osx  software  opensource  misc  windows  security  linux 
yesterday by masukomi

Copy this bookmark:

to read